Gawker Lessons Not Learned

The massive data
breach on Gawker in December revealed nearly 30 percent people tended to
use the same password across multiple sites, a security no-no. It turned out
both Barr and Vera were no better, using the same password for e-mail, Twitter,
and other systems. Barr had used the same password for his
e-mail account, and as the administrator, had access to all the company's mail
and other users' mailboxes, giving Anonymous full access to all the e-mails.
Vera had also used the same password on the company's
support server. The attack could have easily stalled there as Vera didn't have
any administrative rights, except the IT team had not patched the privilege
escalation vulnerability in the Linux kernel. The flaw had been identified in
October, and patches released a month later. With full access on the box, the
attackers discovered gigabytes of backups and research data, which they
promptly deleted.

The Anonymous hack used standard, widely known techniques to
compromise a system, collect information and use the collected data to
compromise additional systems. It didn't matter if most of the employees had
complex passwords, because the attackers needed to crack just one password to
gain access.

Barr and HBGary Federal was embroiled in another controversy
as the contents of its e-mails were publicized, revealing various dirty tricks the
company engaged on behalf of clients such as law firms, banks, and the U.S.
Chamber of Commerce. Some of the proposals listed borderline illegal tactics
aimed at discrediting WikiLeaks, including cyberattacks, forged documentation,
and blackmailing WikiLeaks supporter and Salon journalist Glenn Greenwald.
"I need to focus on taking care of my family and rebuilding
my reputation," Barr said. Stephen Colbert had mocked Barr's World of
Warcraft account and referenced some of the more embarrassing e-mails on The
Colbert Report last week.